Hello,
So, as it says in the title, I am going to be doing a ‘soft reboot’ of the website and making my blog more specifically dedicated to DFIR and hacking. I will try to explain why here and talk about some of the posts and interviews that I have planned.
In most careers, as you progress you branch out into a more specific field, and that is what has happened to me. For instance, when I first started higher education in ‘Computing’ I wasn’t aware of the multitude of teams and paths I could take beyond helpdesk and level 2 and 3 roles, like:
Helpdesk > Desktop > Project Work > Application Support
Helpdesk > Desktop > Server > Infrastructure
Helpdesk > Desktop > Networking
Helpdesk > Software Development
As you can see it’s not just ‘Computing’, and it’s the same in ‘Cybersecurity’, where you might be fooled into thinking there is just one Cybersecurity team that deals with all of the company’s cyber stuff. In fact you can be offensive (red), defensive (blue) or build (yellow), and there are orange, green and purple teams as well (there is a great article from Daniel Miessler explaining the differences here: https://danielmiessler.com/study/red-blue-purple-teams/ ), with roles throughout them all, like this tiny sample of job roles:
- Information Security Analyst
- Cyber Security Engineer
- Information Security Consultant
- Cyber Intelligence Analyst
- Security Software Developer
- Cryptanalyst
- Information Security Administrator
There are loads more different kinds of jobs in Cyber; one scan of LinkedIn will show you what I am talking about.
So, how did I decide on DFIR (Digital Forensics & Incident Response)?
You will see throughout this site that over the past nearly three years I have done several courses, read several different books and worked through a bunch of different paths on TryHackMe, with the main goal of learning as much as I could about the broader ‘Cybersecurity’ field as well as sussing out which path I wanted to pursue. While I can’t pinpoint the exact moment I decided it was DFIR, I do think it was at some point whilst working through the TryHackMe path ‘Cyber Defense’, which covers the following:
- Threat and Vulnerability Management
- Security Operations and Monitoring
- Threat Emulation
- Incident Response & Forensics
- Malware Analysis and Reverse Engineering
I found that the books and articles I was reading were more DFIR based, and the training and courses I was taking were more on the blue side, leaning towards DFIR. Then, as I am sure you are all aware, in September 2021 I got a job in DFIR, more specifically at Sophos as an Incident Response Analyst on the Rapid Response team, which has hands down been the BEST JOB I have ever had. I love this role so much, and not just the role but the company too. Sophos are a great company to work for; they have been great both to me and for me, and I can’t ever see a point where I will leave.
I have just finished my ECIH, which you were following along with, and any future certifications will more than likely be DFIR too.
On top of all this my work colleagues are so nice. It’s such a nice environment to work in, with everyone being exceptional at the job they do; I really couldn’t have picked better people to be learning from.
With regards to the role, I am using many different DFIR tools, from paid to open source, and I want to share the tools with you, what they are used for and a bit about them, along with other DFIR content I find.
Hacking/pentesting I still enjoy and will speak about, but a lot less as I focus on DFIR.
The next few interviews I have lined up are DFIR orientated, so that has worked out kind of perfectly, as it was unplanned.
Regards
Alex